Q1. Which of the following BEST.avoids data remanence disclosure for cloud hosted
resources?
A. Strong encryption and deletion of.the keys after data is deleted.
B. Strong encryption and deletion of.the virtual.host after data is deleted.
C. Software based encryption with two factor authentication.
D. Hardware based encryption on dedicated physical servers.
Answer: A
Q2. Which of the following is the BEST method to assess the effectiveness of an organization's vulnerability management program?
A. Review automated patch deployment reports
B. Periodic third party vulnerability assessment
C. Automated vulnerability scanning
D. Perform vulnerability scan by security team
Answer: B
Q3. In order for a security policy to be effective within an organization, it MUST include
A. strong statements that clearly define the problem.
B. a list of all standards that apply to the policy.
C. owner information and date of last revision.
D. disciplinary measures for non compliance.
Answer: D
Q4. Which of the following methods provides the MOST protection for user credentials?
A. Forms-based authentication
B. Digest authentication
C. Basic authentication
D. Self-registration
Answer: B
Q5. In a basic SYN flood attack, what is the attacker attempting to achieve?
A. Exceed the threshold limit of the connection queue for a given service
B. Set the threshold to zero for a given service
C. Cause the buffer to overflow, allowing root access
D. Flush the register stack, allowing hijacking of the root account
Answer: A
Q6. What is the MOST critical factor to achieve the goals of a security program?
A. Capabilities of security resources
B. Executive management support
C. Effectiveness of security management
D. Budget approved for security resources
Answer: B
Q7. When planning a penetration test, the tester will be MOST interested in which information?
A. Places to install back doors
B. The main network access points
C. Job application handouts and tours
D. Exploits that can attack weaknesses
Answer: B
Q8. The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is
A. the user's hand geometry.
B. a credential stored in a token.
C. a passphrase.
D. the user's face.
Answer: B
Q9. What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?
A. Brute force attack
B. Frequency analysis
C. Social engineering
D. Dictionary attack
Answer: C
Q10. A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?
A. Public Key Infrastructure (PKI) and digital signatures
B. Trusted server certificates and passphrases
C. User ID and password
D. Asymmetric encryption and User ID
Answer: A